Endpoint Vulnerability

CVE-2020-8945proglottis/gpgme: Use-after-free in GPGME bindings during container image pull

Description

A use-after-free vulnerability was found in the Go GPGME wrapper library, github.com/proglottis/gpgme. An attacker could use this flaw to crash or cause potential code execution in Go applications that use this library, under certain conditions, during GPG signature verification.

Affected Products

gpgme

References

CVE-2020-8945,